CNNVD-202509-4471 Information
CNNVD ID
CNNVD-202509-4471
Related CVE
- CNNVD Published: 2025-09-30
Description (Chinese)
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 3.5版本、3.4版本、3.3版本、3.2版本、3.1版本和3.0版本存在安全漏洞,该漏洞源于SM2算法实现存在时序侧信道,可能导致私钥恢复。
Description (English)
OpenSSL is an open source for the OpenSSL team to achieve the SSLv2/v3 and TLSv1 protocols. The product supports a variety of encryption algorithms, including called passwords, Hashi algorithms, safe hash algorithms, etc. OpenSSL Version 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 have a security loophole, which results from the SM2 algorithm achieving a time-series channel that may lead to the restoration of the private key.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
OpenSSL
Published
2025-09-30
Last Modified
2026-02-24
References
https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe https://openssl-library.org/news/secadv/20250930.txt https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698 https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4 https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2 https://vigilance.fr/vulnerability/OpenSSL-information-disclosure-via-SM2-Algorithm-64-Bit-ARM-48345